24th March 2022, 4:00pm - 5:00pm (GST)
Attack Cost Model
In determining which cryptosystems to use and what parameter choices to make for those cryptosystems, a major criterion is the concrete security of the cryptosystem and parameter set (i.e., the complexity of the cheapest attack). Ideally, the concrete security could be expressed as a single number, like 128 bits of security, 192 bits of security, etc. However, in attempting to do this we often find ourselves making assumptions about the relative cost of classical operations, quantum operations, memory, memory bandwidth, hardware, wall-clock time, energy, etc. This talk will draw upon the experience of the NIST Post-Quantum Cryptography (PQC) standardization process to give examples of the issues that come up when trying to compare the concrete security of very dissimilar schemes, and the various approaches that have been suggested to resolve these issues.
Ray Perlner is a mathematician in the Cryptographic Technology Group of the National Institute of Standards and Technology (NIST). At NIST, he has participated in the development of the NIST Digital Identity Guidelines (SP 800-3-3) and the competition for selection of the SHA-3 hash functions. He is currently working on the NIST PQC standardization effort, which has been ongoing since 2016. His recent research has focused on cryptanalysis of post-quantum algorithms, and he has worked with international teams to publish cryptanalysis papers on multivariate and code-based cryptography. Ray is co-author of the forthcoming 3rd edition of “Network Security: Private Communication in a Public World.”